/**
 * Renders the provider's path as a string.
 *
 * @return the result of {@code getPath().toString()}
 */
protected final String getPathAsString() {
  return getPath().toString();
}
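/**
 * Looks up the credential stored under {@code alias} while holding the read lock.
 *
 * <p>The returned entry is built from the key's encoded bytes after conversion by
 * {@code bytesToChars}, so it carries the secret itself. The exception messages built here
 * contain only the alias and the keystore path.
 *
 * @param alias name of the credential to fetch
 * @return the credential entry, or {@code null} when the keystore holds no key under that alias
 * @throws IOException if the keystore cannot be queried or the key cannot be recovered
 */
@Override
public CredentialEntry getCredentialEntry(String alias) throws IOException {
  readLock.lock();
  try {
    SecretKeySpec key;
    try {
      if (!keyStore.containsAlias(alias)) {
        return null;
      }
      key = (SecretKeySpec) keyStore.getKey(alias, password);
    } catch (KeyStoreException e) {
      throw new IOException("Can't get credential " + alias + " from " + getPathAsString(), e);
    } catch (NoSuchAlgorithmException e) {
      throw new IOException(
          "Can't get algorithm for credential " + alias + " from " + getPathAsString(), e);
    } catch (UnrecoverableKeyException e) {
      throw new IOException(
          "Can't recover credential " + alias + " from " + getPathAsString(), e);
    }
    // Assuming keyStore is a java.security.KeyStore (the caught exception types suggest so),
    // getKey returns null for an alias that exists but is not a key entry, e.g. a certificate
    // entry. Report that as "no credential" instead of failing with a NullPointerException.
    if (key == null) {
      return null;
    }
    return new CredentialEntry(alias, bytesToChars(key.getEncoded()));
  } finally {
    readLock.unlock();
  }
}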
if (keystoreExists()) { stashOriginalFilePermissions(); try (InputStream in = getInputStreamForFile()) { ks.load(in, password); createPermissions("600"); throw new IOException("Can't create keystore", e); } catch (GeneralSecurityException e) { throw new IOException("Can't load keystore " + getPathAsString(), e);
/**
 * Records the URI and configuration, initialises the file system, locates the keystore and
 * finally creates the read/write lock pair.
 *
 * <p>{@code readLock} and {@code writeLock} are assigned only after {@code initFileSystem} and
 * {@code locateKeystore} have returned, so neither of those calls can rely on the locks.
 *
 * @param uri provider URI
 * @param conf configuration kept for later use
 * @throws IOException declared by this constructor; presumably raised by
 *     {@code initFileSystem} or {@code locateKeystore}, whose signatures are not shown here
 */
protected AbstractJavaKeyStoreProvider(URI uri, Configuration conf) throws IOException {
  this.uri = uri;
  this.conf = conf;

  initFileSystem(uri);
  locateKeystore();

  // "true" requests the fair ordering policy of ReentrantReadWriteLock.
  final ReadWriteLock fairLock = new ReentrantReadWriteLock(true);
  this.readLock = fairLock.readLock();
  this.writeLock = fairLock.writeLock();
}
/**
 * Runs the superclass initialisation, then resolves the file system that owns the provider's
 * path and stores it in {@code fs}.
 *
 * @param uri provider URI, passed through to the superclass
 * @throws IOException if the superclass initialisation or the file-system lookup fails
 */
protected void initFileSystem(URI uri) throws IOException {
  super.initFileSystem(uri);
  // The path is read only after super.initFileSystem(uri) has run.
  this.fs = getPath().getFileSystem(getConf());
}
/**
 * Stores a new credential under {@code alias}, refusing to overwrite an existing one.
 *
 * <p>The existence check and the insertion both run under the write lock, so the two steps are
 * not interleaved with other callers that take the same lock.
 *
 * @param alias name for the new credential
 * @param credential secret value, handed unchanged to {@code innerSetCredential}
 * @return whatever {@code innerSetCredential} returns for the new entry
 * @throws IOException if the alias is already present or the keystore lookup fails
 */
@Override
public CredentialEntry createCredentialEntry(String alias, char[] credential)
    throws IOException {
  writeLock.lock();
  try {
    final boolean aliasTaken = keyStore.containsAlias(alias);
    if (!aliasTaken) {
      return innerSetCredential(alias, credential);
    }
    // Only the alias and the provider's string form go into the message, never the secret.
    throw new IOException("Credential " + alias + " already exists in " + this);
  } catch (KeyStoreException e) {
    throw new IOException("Problem looking up credential " + alias + " in " + this, e);
  } finally {
    writeLock.unlock();
  }
}
/**
 * Flushes through the superclass, then applies {@code permissions} to the local keystore file.
 *
 * <p>NOTE(review): the mode is applied only after {@code super.flush()} has returned. Which mode
 * the file carries while it is being written depends on how the superclass creates it, which is
 * not visible here. Confirm it is created restrictively.
 *
 * @throws IOException if the superclass flush or the permission change fails
 */
@Override
public void flush() throws IOException {
  super.flush();
  if (LOG.isDebugEnabled()) {
    LOG.debug("Resetting permissions to '" + permissions + "'");
  }

  if (Shell.WINDOWS) {
    // FsPermission expects a 10-character string because of the leading
    // directory indicator, i.e. "drwx------". The JDK toString method returns
    // a 9-character string, so prepend a leading character.
    final String tenCharMode = "-" + PosixFilePermissions.toString(permissions);
    FileUtil.setPermission(file, FsPermission.valueOf(tenCharMode));
    return;
  }

  // Non-Windows: set the POSIX mode on the canonical path of the file.
  Files.setPosixFilePermissions(Paths.get(file.getCanonicalPath()), permissions);
}
/**
 * Writes the in-memory keystore to its output stream when it has been modified.
 *
 * <p>Runs under the write lock. The {@code changed} flag is cleared only after
 * {@code keyStore.store} has completed and the stream has been closed, so a failed write leaves
 * the flag set.
 *
 * @throws IOException if the stream cannot be opened or written, or if the keystore reports a
 *     keystore, algorithm or certificate error while storing
 */
@Override
public void flush() throws IOException {
  writeLock.lock();
  try {
    if (changed) {
      LOG.debug("Writing out keystore.");
      try (OutputStream sink = getOutputStreamForKeystore()) {
        keyStore.store(sink, password);
      } catch (KeyStoreException e) {
        throw new IOException("Can't store keystore " + this, e);
      } catch (NoSuchAlgorithmException e) {
        throw new IOException("No such algorithm storing keystore " + this, e);
      } catch (CertificateException e) {
        throw new IOException("Certificate exception storing keystore " + this, e);
      }
      changed = false;
    } else {
      LOG.debug("Keystore hasn't changed, returning.");
    }
  } finally {
    writeLock.unlock();
  }
}
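/**
 * Lists every alias currently held in the keystore, under the read lock.
 *
 * @return a new list of the aliases reported by {@code keyStore.aliases()}
 * @throws IOException if the keystore cannot enumerate its aliases
 */
@Override
public List<String> getAliases() throws IOException {
  readLock.lock();
  try {
    List<String> aliases = new ArrayList<>();
    try {
      Enumeration<String> names = keyStore.aliases();
      while (names.hasMoreElements()) {
        aliases.add(names.nextElement());
      }
    } catch (KeyStoreException e) {
      // Only keyStore.aliases() declares KeyStoreException, and it fails before any alias has
      // been read, so the message names the operation rather than a per-alias value (the
      // earlier text always printed "null" there).
      throw new IOException("Can't list aliases from " + getPathAsString(), e);
    }
    return aliases;
  } finally {
    readLock.unlock();
  }
}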
/**
 * Runs the superclass initialisation, then maps the provider path to a local
 * {@link java.io.File} stored in {@code file}.
 *
 * <p>With debug logging enabled it reports the resolved file, whether it exists and its size.
 * With trace logging enabled it also reports whether the file is readable and writable.
 *
 * @param uri provider URI, passed through to the superclass
 * @throws IOException if the superclass fails or the path is not a valid URI
 */
@Override
protected void initFileSystem(URI uri) throws IOException {
  super.initFileSystem(uri);
  try {
    file = new File(new URI(getPath().toString()));
  } catch (URISyntaxException e) {
    throw new IOException(e);
  }

  // Everything below is diagnostics only.
  if (!LOG.isDebugEnabled()) {
    return;
  }
  LOG.debug("initialized local file as '" + file + "'.");
  if (!file.exists()) {
    LOG.debug("the local file does not exist.");
    return;
  }
  LOG.debug("the local file exists and is size " + file.length());
  if (LOG.isTraceEnabled()) {
    if (file.canRead()) {
      LOG.trace("we can read the local file.");
    }
    if (file.canWrite()) {
      LOG.trace("we can write the local file.");
    }
  }
}
/**
 * Adds a credential under {@code alias} unless the keystore already has that alias.
 *
 * <p>The check and the insertion run together under the write lock.
 *
 * @param alias name for the new credential
 * @param credential secret value, passed on to {@code innerSetCredential} as is
 * @return the entry produced by {@code innerSetCredential}
 * @throws IOException if the alias already exists or the keystore cannot be queried
 */
@Override
public CredentialEntry createCredentialEntry(String alias, char[] credential)
    throws IOException {
  writeLock.lock();
  try {
    final boolean alreadyStored = keyStore.containsAlias(alias);
    if (!alreadyStored) {
      return innerSetCredential(alias, credential);
    }
    // The message names the alias and the provider only; the credential is not included.
    throw new IOException("Credential " + alias + " already exists in " + this);
  } catch (KeyStoreException e) {
    throw new IOException("Problem looking up credential " + alias + " in " + this, e);
  } finally {
    writeLock.unlock();
  }
}
/**
 * Flushes through the superclass, then applies {@code permissions} to the local keystore file.
 *
 * <p>NOTE(review): the mode is set after {@code super.flush()} returns. The mode in effect
 * while the file is being written is decided by code not shown here. Confirm the file is
 * created restrictively.
 *
 * @throws IOException if the superclass flush or the permission change fails
 */
@Override
public void flush() throws IOException {
  super.flush();

  if (Shell.WINDOWS) {
    // FsPermission expects a 10-character string because of the leading
    // directory indicator, i.e. "drwx------". The JDK toString method returns
    // a 9-character string, so prepend a leading character.
    final String tenCharMode = "-" + PosixFilePermissions.toString(permissions);
    FileUtil.setPermission(file, FsPermission.valueOf(tenCharMode));
    return;
  }

  // Non-Windows: set the POSIX mode on the canonical path of the file.
  Files.setPosixFilePermissions(Paths.get(file.getCanonicalPath()), permissions);
}
/**
 * Writes the in-memory keystore to its output stream when it has been modified.
 *
 * <p>Runs under the write lock and does nothing when {@code changed} is false. The flag is
 * cleared only after the store has completed, so a failed write leaves it set.
 *
 * @throws IOException if the stream cannot be opened or written, or if the keystore reports a
 *     keystore, algorithm or certificate error while storing
 */
@Override
public void flush() throws IOException {
  writeLock.lock();
  try {
    if (changed) {
      // write out the keystore
      try (OutputStream sink = getOutputStreamForKeystore()) {
        keyStore.store(sink, password);
      } catch (KeyStoreException e) {
        throw new IOException("Can't store keystore " + this, e);
      } catch (NoSuchAlgorithmException e) {
        throw new IOException("No such algorithm storing keystore " + this, e);
      } catch (CertificateException e) {
        throw new IOException("Certificate exception storing keystore " + this, e);
      }
      changed = false;
    }
  } finally {
    writeLock.unlock();
  }
}
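/**
 * Returns the aliases currently held in the keystore, collected under the read lock.
 *
 * @return a new list of the aliases reported by {@code keyStore.aliases()}
 * @throws IOException if the keystore cannot enumerate its aliases
 */
@Override
public List<String> getAliases() throws IOException {
  readLock.lock();
  try {
    List<String> aliases = new ArrayList<>();
    try {
      Enumeration<String> names = keyStore.aliases();
      while (names.hasMoreElements()) {
        aliases.add(names.nextElement());
      }
    } catch (KeyStoreException e) {
      // keyStore.aliases() is the only call here that declares KeyStoreException, and it fails
      // before any alias is read. The earlier message therefore always printed "null" as the
      // alias, so it now names the failed operation instead.
      throw new IOException("Can't list aliases from " + getPathAsString(), e);
    }
    return aliases;
  } finally {
    readLock.unlock();
  }
}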
/**
 * Stores the URI and configuration, initialises the file system, locates the keystore and then
 * creates the read/write lock pair.
 *
 * <p>The lock fields are assigned last, so {@code initFileSystem} and {@code locateKeystore}
 * run before {@code readLock} and {@code writeLock} exist.
 *
 * @param uri provider URI
 * @param conf configuration kept for later use
 * @throws IOException declared by this constructor; presumably raised by
 *     {@code initFileSystem} or {@code locateKeystore}, whose signatures are not shown here
 */
protected AbstractJavaKeyStoreProvider(URI uri, Configuration conf) throws IOException {
  this.uri = uri;
  this.conf = conf;

  initFileSystem(uri);
  locateKeystore();

  // Passing true selects the fair ordering policy of ReentrantReadWriteLock.
  final ReadWriteLock fairLock = new ReentrantReadWriteLock(true);
  this.readLock = fairLock.readLock();
  this.writeLock = fairLock.writeLock();
}
if (keystoreExists()) { stashOriginalFilePermissions(); try (InputStream in = getInputStreamForFile()) { ks.load(in, password); createPermissions("600"); throw new IOException("Can't create keystore", e); } catch (GeneralSecurityException e) { throw new IOException("Can't load keystore " + getPathAsString(), e);
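/**
 * Fetches the credential stored under {@code alias} while holding the read lock.
 *
 * <p>The entry returned is built from the key's encoded bytes after {@code bytesToChars}, so it
 * holds the secret itself. Exception messages raised here name only the alias and the keystore
 * path.
 *
 * @param alias name of the credential to fetch
 * @return the credential entry, or {@code null} when the keystore holds no key under that alias
 * @throws IOException if the keystore cannot be queried or the key cannot be recovered
 */
@Override
public CredentialEntry getCredentialEntry(String alias) throws IOException {
  readLock.lock();
  try {
    SecretKeySpec key;
    try {
      if (!keyStore.containsAlias(alias)) {
        return null;
      }
      key = (SecretKeySpec) keyStore.getKey(alias, password);
    } catch (KeyStoreException e) {
      throw new IOException("Can't get credential " + alias + " from " + getPathAsString(), e);
    } catch (NoSuchAlgorithmException e) {
      throw new IOException(
          "Can't get algorithm for credential " + alias + " from " + getPathAsString(), e);
    } catch (UnrecoverableKeyException e) {
      throw new IOException(
          "Can't recover credential " + alias + " from " + getPathAsString(), e);
    }
    // Assuming keyStore is a java.security.KeyStore (the caught exception types suggest so),
    // getKey yields null when the alias exists but is not a key entry, e.g. a certificate
    // entry. Treat that as "no credential" rather than dereferencing null.
    if (key == null) {
      return null;
    }
    return new CredentialEntry(alias, bytesToChars(key.getEncoded()));
  } finally {
    readLock.unlock();
  }
}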
/**
 * Runs the superclass initialisation, then resolves the file system that owns the provider's
 * path using the supplied configuration and stores it in {@code fs}.
 *
 * @param uri provider URI, passed through to the superclass
 * @param conf configuration used for the superclass call and the file-system lookup
 * @throws IOException if the superclass initialisation or the file-system lookup fails
 */
protected void initFileSystem(URI uri, Configuration conf) throws IOException {
  super.initFileSystem(uri, conf);
  // The path is read only after the superclass call has run.
  this.fs = getPath().getFileSystem(conf);
}
/**
 * Adds the keystore named by the {@code Constants.JDBC_KEYSTORE} table property to
 * {@code inputs} as a read entity.
 *
 * <p>The property value is used as the credential provider path of a fresh
 * {@code Configuration}. Each resolved provider that is an {@code AbstractJavaKeyStoreProvider}
 * contributes its path, converted by {@code toReadEntity}. Nothing happens when the property
 * is absent.
 *
 * <p>NOTE(review): presumably these read entities are what later authorises access to the
 * keystore file; confirm against the caller. Providers of any other type on the same path are
 * skipped without an error as long as one key-store provider matches. Confirm that skipping
 * them is intended.
 *
 * @param tblProps table properties; the value comes from the table definition
 * @param inputs collection that receives the keystore read entities
 * @throws SemanticException if no key-store provider is resolved, or if resolving the providers
 *     raises an {@code IOException}
 */
public void addPropertyReadEntry(Map<String, String> tblProps, Set<ReadEntity> inputs)
    throws SemanticException {
  if (!tblProps.containsKey(Constants.JDBC_KEYSTORE)) {
    return;
  }
  try {
    final String keystoreUri = tblProps.get(Constants.JDBC_KEYSTORE);
    final Configuration providerConf = new Configuration();
    providerConf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, keystoreUri);

    boolean matched = false;
    for (CredentialProvider candidate : CredentialProviderFactory.getProviders(providerConf)) {
      if (!(candidate instanceof AbstractJavaKeyStoreProvider)) {
        continue;
      }
      final Path location = ((AbstractJavaKeyStoreProvider) candidate).getPath();
      inputs.add(toReadEntity(location));
      matched = true;
    }

    if (!matched) {
      throw new SemanticException("Cannot recognize keystore " + keystoreUri
          + ", only JavaKeyStoreProvider is " + "supported");
    }
  } catch (IOException e) {
    throw new SemanticException(e);
  }
}
}
/**
 * Stores a new credential under {@code alias} unless the alias is already present in the
 * keystore or in {@code cache}.
 *
 * <p>The keystore is consulted first and {@code cache} only if the keystore does not have the
 * alias. Check and insertion run together under the write lock.
 *
 * @param alias name for the new credential
 * @param credential secret value, passed on to {@code innerSetCredential} as is
 * @return the entry produced by {@code innerSetCredential}
 * @throws IOException if the alias already exists or the keystore cannot be queried
 */
@Override
public CredentialEntry createCredentialEntry(String alias, char[] credential)
    throws IOException {
  writeLock.lock();
  try {
    final boolean aliasTaken = keyStore.containsAlias(alias) || cache.containsKey(alias);
    if (!aliasTaken) {
      return innerSetCredential(alias, credential);
    }
    // The message names the alias and the provider only; the credential is not included.
    throw new IOException("Credential " + alias + " already exists in " + this);
  } catch (KeyStoreException e) {
    throw new IOException("Problem looking up credential " + alias + " in " + this, e);
  } finally {
    writeLock.unlock();
  }
}